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ABSTRACT 



An access control apparatus and method. Enrollment is 
conducted at a centralized server and enrollment data, such 
as identification data is downloaded to plural local access 
units at respective entrances to a restricted area. The local 
access units then collect data of a person upon an attempted 
entry in to the area and compare the data with downloaded 
enrollment data to determine if the person is authorized for 
access. If the person is authorized, an access control device 
is operated to open a door, gate, or the like of the entrance. 
The enrollment data can be biometric data and the same type 
or different type of biometric data can be collected at the 
local access units. If a different type of data is collected at 
the local access units and is correlated to data stored on the 
local access unit, data of the same type as the downloaded 
data is collected and compared to the downloaded data for 
access control. The enrollment data can be non environmen- 
tally affected data, such as fingerprint parameter data and the 
different type of data can be environmentally affected data, 
such as facial parameter data. 

27 Claims, 4 Drawing Sheets 
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DISTRIBUTED BIOMETRIC ACCESS being for automatically recognizing or verifying identity. 

CONTROL APPARATUS AND METHOD Examples of biometric parameters are facial data, retinal 

data, fingerprint data, speech data, and the like. 

Generally, biometric systems operate in the following 

BACKGROUND OF THE INVENTION 5 manner. First, a system captures a sample of at least one 

1. Field of the Invention biometric parameter during an "enrollment" process. The 
' . , r . . parameters are then converted by the system into a math- 

Tne invention relates to automated ^systems for permitting ematical ^ . d ^ [& stQred ^ ^ biometric 

authorized persons to access secured buildings or other areas tempkte representiDg me a S ured biometric parameters for 

while preventing such access by unauthorized persons. More mat person Tbtn may ^ bc a way to corrc i ate the 

particularly, the invention relates to an access control system 1U template to the person. For example, a personal identifica- 

which uses biometric parameters to identify authorized tion number (PIN) can be given to an enrolled user, which 

persons and to permit access by the authorized persons. jg entered to access the template. Anew biometric sample is 

2. Description of the Related Art then taken and compared to the template or to a group of 
The invention relates to restricting access into a restricted templates. If one of the templates and the new sample match, 

area and thus the term "access", as used herein, refers to ^ P crson k recognized as authorized. Central to a biomet- 

physical entry into a building, or other restricted area. nc s y stem 15 ^ "engine" which processes the biometric 

However, me restricted area can be me exterior of a buHding data m with various algorithms or artificial 

or the like and thus the invention can be applied to control- ". . 

ling entry or exit out of a building or other area. Here have , n Some biometric systems use "identification methods and 

always been situations in which it was desirable to restrict 20 some "f. ,°° lde " tlflcaU ?° s y s,ems ' 

access to certain physical areas to a select person or group 15 P re f D * d . l0 bl ° m ^ c s ^ " d the ^ 

r i o u /• . a i_ i_ i- l j u mei1 attempts to find out who the sample belongs to by 

of people. Such restricted access has been accomplished by rf ^ k ^ a M of f lates ^ btaine >j 

fences walls, locks and other barriers. However even the ^ fa ^ Tol[men [ Verification systems on the other hand 

use of barriers has not prevented unauthorized access. ^ per f 0 rm a one-to-one process where the biometric system is 

Accordingly, it has been necessary in many instances to seeking to verify identity. A single biometric sample is 

provide human surveillance in the form of a security guard matched against a single template obtained during enroll- 

at an entrance to an area or through the use of video cameras men t. If the two match, the system effectively confirms that 

or the like to transmit images to a security guard at a remote the person actually is who he presents himself to be. The key 

or centralized location. Of course, the use of security guards 30 difference between these two approaches centers on the 

and video cameras can become expensive and is only as logic addressed by the biometric system and how these fit 

reliable as the particular guard and his state of alertness at within a given application. Identification systems decide 

any particular time. who the person is and can check whether more than one 

The complexities of modern society have only served to matching biometric template exists. Accordingly, identifica- 

increase the need for access control. For example, many 35 {ion s y stems can ^ aoccss to an individual who is 

government agencies and contractors work on matters that to oG A ^ mow than 9™ identit y- 

are of a confidential or even "top secret" nature. In fact, most on the other hand only decides if the person is 

workplaces such as offices warehouses and even retail who he ^ ys he 1S * Accordm g lv » identification systems are 

worKplaces, sucft as omces, warenouses, and even retail mofe versatile ^ powerfuL However, verification systems 

stores in some instances, have a need to implement access „ , . , ./ 

, . . i £ f i , j , generally require less processing horsepower and thus are 

control to prevent the theft of intellectual property and/or 40 oo mm0 nly used 

goods. j n t yp* ca j bicraeiric access control systems, biometric 

In response to the need for access control, many govern- sensors ^ placcd proximate cntr ances and are linked to a 

ment agencies and businesses have issued identification ce ntral computer having biometric "enrollment" data, i.e., 

cards to their employees and other authorized personnel. templates, representing biometric parameters of authorized 

Often, the identification card includes a picture of the 45 users collected from a central enrollment station. If the 

authorized person. However, such an identification card still biometric parameter collected at the entrance matches a 

requires a security guard or other personnel for verification. template stored in the central computer, access is granted. 

Also, such cards are easily forged by replacing the picture However, conventional biometric systems have several limi- 

with that of an unauthorized person. To overcome these tations. In particular, the sensing accuracy of biometric 

limitations, it is known to provide the employee with a 50 parameters, such as facial parameters, retinal parameters, 

personal identification number (PIN) or other identifying and the like is highly dependent on the environment in which 

code. The identifying code can be encoded in a magnetic the parameters are sensed. For example, the lighting 

strip or the like in a security card and read by an automated intensity, angle and color will affect sensing of biometric 

reader at an entrance to grant access only to persons having parameters. Accordingly, the ability to reliably match data 

the card. Alternatively, the code can be entered by the user 55 representing parameters collected at an entrance with data of 

on a keypad to gain access. However, the use of identifying templates collected during enrollment is limited, especially 

codes also has drawbacks in access control applications. In when the entrance is an external entrance where the weather, 

particular, the identification card can be stolen or the user season, and time of day will affect lighting significantly, 

can be forced under duress to reveal their code. In such Also, sensing biometric parameters, converting the param- 

cases, unauthorized possessors of the card or code can gain 60 eters to data, communicating the data to a central computer, 

access to a restricted area. and comparing the data parameters with templates of enroll- 

The use of biometrics has been proposed as a solution to ment data in the central computer is relatively time 

the limitations noted above. Generally, the term "biomet- consuming, even with modem high speed computers and 

rics" refers to the study of measurable biological communication links. Accordingly, such systems present 

characteristics, i.e. biometric parameters, of a living being. 65 significant inconveniences to the authorized persons through 

In the context of security, "biometrics" refers to techniques improperly rejected access and time delays prior to granting 

that rely on a unique, measurable characteristic of a living access. 
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The use of less environmentally affected Diametric It is an object of the invention to maximize the speed of 

parameters, such as fingerprint parameters can alleviate biometric identification access control, 

some of the problems noted above. However, sensing such j t is another object of the invention to maximize the 

parameters requires that the person desiring access make accuracy of biometric identification access control, 

physical contact with a sensor, such as a fingerprint scanner. < Ti . it _ ,. A c . . 4 . , ... 4 , 

upoD each entry request. Also, such parameters are easily . 11 B anoth6r ° b J 6 u ct of the »^tion to minimize the 

affected by skin debris, and skin blemishes. Therefore, the ^convenience and collusiveness of biometric identification 

person desiring access may have to wipe off their finger, not access control. 

to mention remove any gloves, prior to submitting to the It is another object of the invention to minimize the effect 

physical contact with the sensor. The match tolerance of environmental variables in biometric identification access 

between a template and data corresponding to a measured control. 

parameter can be increased to minimize lockout of autho- it is another object of the invention to clearly indicate any 

rized users. However, such an approach inherently reduces security anomaly in a biometric identification access control 

the accuracy and effectiveness of the system by increasing system. 

the likelihood of allowing access to unauthorized users. a c * ~, * f *u • *•* * c . i 
ttc d * xt c mn * * i *u * c i 15 A first aspect of the invention is an apparatus for control- 
U.S.Pat. No. 5, 802, 199 attempts to solve the issue of slow r _ • , • i j- 

... * • -j 5 + i ling access into an area compnsmg a server mcludmc server 

response in biometric identification systems by transmitting , j * « j • ^ j . 

a subset of templates obtained through enrollment from a ™* , T / ? C ° UeCtl ^ deV1Ce f° nfi ^ red * 

central computer to one of plural "local" computers. If the coUect data assj f ed to each authorized 

user attempts to use an ATM terminal that corresponds to the P™ f l ° caX acce f umi located f l ™ entrance to »"» 

"local" computer, identification is accomplished by collec- 20 md chiding local memory, a local processor, a local 

tion of biometric data and a PIN number and by comparison biometric parameter sensing device, a local data collection 

with templates in the "local" computer. If a matching devicc and an acccss control device, and a communication 

template and PIN number is not in the "local" computer, channel for downloading the identification data from the 

biometric identification is accomplished in the central com- server to the local access unit. The local processor is 

puter by transmitting collected data over a remote commu- 25 operative to compare biometric parameter data of a person 

nication link proximate the entrance collected by the local biometric 

U.S. Pat. No. 5,802,199 relates to identification for allow- parameter sensing device with biometric parameter data 

ing use of ATM terminals and not for access control as stored in the local memory and to grant access to the area by 

defined herein. The practical communications of access operating the access control device if the biometric param- 

control and ATM use control are quite different. For 30 eter data collected by the local biometric parameter sensing 

example, the "local" computers disclosed in U.S. Pat. No. device and biometric parameter data stored in the local 

5,802,199 are apparently not at the location of biometric memory correspond to one another. The processor is also 

sampling, i.e. the ATM terminal. It appears that plural ATM operative to prompt the person to enter the identification 

terminals are assigned to each local computer because of the data thc local data device ^ &ani 

inherent geographic distribution of ATM terminals. Hie access to the area by operating the access control device only 

A^HinT^h "'I JT H 1 y H ^uc^ m^JSS' whcn thc identification data of an authorized person is 

f^fnn^ enteredifthebiometricparameterdatacollectedbythelocal 

199 is not suitable for high speed access control which i_- „ • * • * • j . . • 

generally requires high speed identification within a rela- blomctnc parameter sensing device and the biometric 

lively small geographic area, such as a single building or P a rameter data stored in the local memory do not corre- 

campus. Also, since enrollment is conducted centrally, i.e. 40 spond. The processor is also operative to store the biometric 

not at the site of the ATM terminal, environmental variables parameter data collected by the local biometric parameter 

will affect the accuracy of identification. Finally, this system sensing device in correspondence with the entered identifi- 

requires that two separate things be recognized, the biomet- cation data in the local memory when the biometric param- 

ric sample parameters and a PIN number entered by the user. et er data collected by the local biometric parameter sensing 

U.S. Pat. No. 5,903,225 discloses an access control sys- 45 device and the biometric parameter data stored in the local 

tem in which data is encoded on a card during an enrollment memory do not correspond and identification data of an 

procedure in correspondence to the person's fingerprint. authorized person is entered through the local data collection 

When attempting to gain access to a restricted area, a device. 

transmitter on the card transmits the data to a receiver at the A second aspect of the invention is an apparatus for 

entrance to grant access. This system apparently does not 50 controlling access into an area comprising a server including 

implement biometric recognition or identification and thus server mem ory and a server data collection device config- 

has the same kmitaiions as conventional access systems ured to i den ti ncat joo data assigned to each autho- 

usrng magnetic cards. In particular whoever possesses the rized lufal loca] acccss ^ ^ dve 

card b granted access regardless of their identity. cach ^ ^ ^ ^ mem a 

U.3. Fat. No. 4,993,068 discloses an access system in _ 11 „ _ , , , , « 4 . , , 

, . , 11 ' j . 1 j *? . 55 local processor, a local data collection device and an 

which the enrollment procedure includes recording biomet- j„. t - n „ A ~ • «• l 1 c 

- 1 , a* u -ju*u j • * L entrance control device, and a communication channel for 

nc data on a card to be earned by the user and comparing the A . j. , u r A j * ^ ,t_ . 1 

data on the card with data of biometric parameters measured d °7 loadir f ^ identification data from the server to each 

at the entrance. This system is inherently a verification of ^ plu j al tcr /° mals - ™ e Processor is operaUve to 

system and thus is not as flexible as an identification system ™™V*k data collected by one of the local access units with 

for the reasons discussed above. Also, since enrollment is 60 data downloaded over the commumcation channel and oper- 

conducted at a central location, sensing of parameters upon ate the entrance control device based on results of the 

access can be affected by the environment at the entrance. comparison. 

Accordingly, the accuracy of this system is limited. A t^d aspect of the invention is a method of controlling 

™iADvncTUDixnn:MnnM access into an area comprising thc steps of collecting 

SUMMARY OF THE INVENTION 65 identification data to „ authori2e d perS on with! 

It is an object of the invention to overcome the limitations server, downloading the identification data from the server 

of the known systems described above. to a local access unit located at an entrance and having an 
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access control device, comparing biometric parameter data computers as described in detail below. In the preferred 

of a person collected proximate the entrance by the local embodiment, communications channel 80 is a local area 

access unit with biometric parameter data stored in the local network (LAN) such as an Ethernet network communicating 

access unit and granting access by operating the access ove r a coaxial cable or unshielded twisted pair (UTP). 

control device if the biometric parameter data collected 5 However, communication channel 80 can be any type of 

proximate the entrance and biometric parameter data stored communication channel using cables, radio frequency 

in the local access unit correspond to one another, prompting transmission, optical transmission over fibers, infrared 

the person to enter the identification data into the local transmission, or any other wired or wireless communication 

access unit and granting access by operating the access m °d e capable of providing the communication described 

control device only when the identification data of an 10 herein. Any communications protocols and transmission 

authorized person is entered if the biometric parameter data medium can be used. For example, communication channel 

collected proximate the entrance and the biometric param- $0 can De me Internet and each computer can have a separate 

eter data stored in said local access unit do not correspond, IP address. Also, communication channel 80 can be accom- 

and storing the biometric parameter data collected proximate plished merely by physically moving a removable recording 

the entrance in correspondence with the entered identifica- 15 medium, such as a diskette, between server 40 and access 

tion data in the local access unit when the biometric param- terminals 60; a channel sometimes referred to as "sneaker- 

eter data collected proximate the entrance and the biometric net "* 

parameter data stored in the local access unit do not corre- Server 40 is a digital microprocessor based computer, 
spond and identification data of an authorized person is such as a personal computer, a minicomputer, a program- 
entered through the local access unit. 20 mable logic controller, or any other proprietary or non- 

Afourth aspect of the invention is a method of controlling proprietary device capable of accomplishing the processing 

access into an area comprising the steps of collecting md communication functions described below. Server 40 

identification data assigned to an authorized person with a includes central processing unit (CPU) 42, memory device 

server, downloading the identification data from the server 44 ( sucn 88 a magnetic hard drive), random access memory 

to each of plural access units located at respective entrances 25 (RAM) 46, input device 48 (such as a keyboard and mouse), 

to the area and including an entrance control device, col- display 50, microphone 52, speaker 54, biometric parameter 

lecting data with one of the local access units, comparing the sensing device 56, a data bus (not illustrated) for providing 

data collected by the local access unit with the identification communications between the various components and the 

data downloaded during the downloading step, and operat- appropriate interfaces for each component (also not 

ing the entrance control device based on results of said 30 illustrated). Biometric parameter sensing device 56 serves to 

comparing step. collect identification data during an enrollment procedure, as 

Afifth aspect of the invention is a method of controlling deScribed beloW ' and Ca \ be of a 7 tv f> such as a finger- 
access into an area comprising the steps of a primary P " Dt f^™*' a cam< ; ra f ° r ^ P«mete^ a 
enrollment in which identification data is assigned to an retmal s f nD ^' ° r me ^ For ^ sa ^ of ^ s * on ° f the 
authorized person, an identification step in which a biomet- 35 preferred ™ bod ™^ * * f™d herem that biometric 
ric parameter is sensed and converted to biometric parameter Pf™*?' device 56 is a fingerprint scanner capable 
data and in which the biometric parameter data is compared °J SenS *f Parameters relating to a persons fingerprint 
to stored biometric parameter data, an access granting step S ?7? 40 J"? a stored ^ memory device 44 
when the biometric parameter data corresponds to the stored ^ f ' l ~ 10QS fo ? accom P llst ™g 
biometric parameter data in the identification step, and a 40 ™ e control program of server 40 also 
secondary enrollment step in which the biometric parameter ™hi des a ^^ Q ^ U \ * U ^ 
data is stored as the stored biometric parameter data when N ° h 5 ^ 6 > 103 > dlsclosure of whlch 1S incorporated 
the biometric parameter data does not correspond to the nerem DV reference. 

stored biometric parameter data in the identification step and Local access unit 60 ^° is a d ^ microprocessor based 

the identification data is entered. 45 computer, such as a personal computer, a minicomputer, a 

programmable logic controller, or any other proprietary or 

BRIEF DESCRIPTION OF THE DRAWING non-proprietary device capable of accomplishing the pro- 
cessing and communication functions described below. Only 

The invention is described through a preferred embodi- one local access unit 60 is illustrated in detail and discussed 

ment and the attached drawing in which: 50 in detail below. However, each local access unit is similar 

FIG. 1 is a block diagram of the architecture of an access and thus the description below applies to each local access 

control system of the preferred embodiment; unit 60. Local access unit 60 includes central processing unit 

FIG. 2 is a flow chart of the primary enrollment procedure (CPU) 62, memory device 64 (such as a magnetic hard 

of the preferred embodiment; drive), random access memory (RAM) 66, input device 68 

FIG. 3 is a flow chart of the identification and secondary 55 [ such a k& ^ d ^ 10 J micro P hone ^ s P eaker 74 > 

enrollment procedures of the preferred embodiment; and b 1 wme u tnc P arameter »«™S 76 ( f ^ 45 m aux " 

CT „ . . - , , , . . lhary biometric parameter sensing device), biometric param- 

FIG. 4 is a flow chart of the anomaly enunciation proce- eter sensing device 1% COfltrol ^ J$ ^ ^ a 

lock solenoid, gate, or the like), a data bus (not illustrated) 

DETAILED DESCRIPTION OF THE 60 ^ 0r P rov ^ n 8 communications between the various 

PREFERRED EMBODIMENT components, and the appropriate interfaces for each com- 
ponent (not illustrated). Biometric parameter sensing device 

FIG. 1 illustrates the system architecture of a preferred 76 preferably is of the same type, Le. senses the same 

embodiment of the invention. Biometric access control biometric parameters, as biometric parameter sensing device 

system 20 includes server 40, plural local access units 60, 65 56 of server 40, a fingerprint scanner in the preferred 

and communications channel 80. Server 40 and local access embodiment. Biometric parameter sensing device 77 can be 

units 60 can each include microprocessor based digital of any type but is preferably of a diflerenUype, Le. senses 



dure. 
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different biometric parameters, than biometric parameter the templates are stored in each local access terminal and are 

sensing device 76. In the preferred embodiment, biometric constantly or periodically updated with any new enrollment 

parameter sensing device 77 is a camera for sensing facial data collected during a primary enrollment procedure. Step 

parameters. D can be conducted immediately after step C or can be 

Each local access unit 60 has a control program stored in 5 delayed to download data in a batch process. The primary 

memory device 64 which includes instructions for accom- enrollment procedure comes to an end in step E. Of course, 

pHshing the functions described below. The control pro- the primary enrolment procedure can be accomplished at 

grams of local access units 60 also include a biometric any time and one or more persons can be enrolled during 

engine, such as that described in U.S. Pat. No. 5,386,103. each procedure. Also, enrollment data can be deleted or 

Each local access unit 60 can include access panel 60a 1Q modified as needed. For example, when an employee leaves 

(including input device 68, display 70, microphone 72, a company it may be desirable to delete his template so that 

speaker 74, biometric parameter sensing device 76, biomet- he cannot be granted access to the building or other area, 

ric parameter sensing device 77, and access control device Also, when a person is promoted, their access privileges 

78) and controller 606 (including CPU 62, memory device may be increased. Further, a terminated employees template 

64, and RAM 66). Access panel 60a and controller 60b can 15 may be left while his access privileges are revoked. In sucb 

be housed separately. However, it will become apparent a situation presence of the terminated employee can be 

below that access panel 60a and controller 60b preferably flagged as an anomaly as described below, 

are located in close proximity to one another. The number of When primary enrollment for one or more authorized 

physical enclosures associated with local access unit 60 can persons is finished, system 20 is ready to identify authorized 

vary as is required by the particular application and entrance. w persons and control access to a building or other area. FIG. 

Server 40 can be disposed at any location in the building 3 illustrates the procedure for controlling access. As a person 
or other area to which access control system 20 is being approaches an entrance having remote access unit 60, bio- 
applied or at a remote location. Also, server 40 can be any metric parameter sensing device 77 begins to sense 
one of plural computers coupled to a network or can be parameters, e.g. facial image parameters, in an attempt to 
embodied by plural computers on the network each con- 25 identify the person as an authorized person. For example, 
ducting a different portion of the function of server 40. For biometric parameter sensing device 77 can be in constant 
example, the enrollment procedure disclosed below can be operation and can begin to sense facial parameters when a 
conducted on one computer and the anomaly monitoring person is within a prescribed range. Alternatively, biometric 
functions disclosed below can be conducted by another parameter sensing device 77 can be turned on by the 
computer with the two computers together constituting 30 presence of the person using a proximity sensor or the like, 
server 40. Local access units 60 on the other hand are located The engine disclosed in U.S. Pat. No. 5,386,103 is capable 
in close proximity to respective doors or other entrances of of sensing parameters while the subject person is several feet 
the building or other area to which access control system 20 away. In any event, as the person approaches remote access 
is applied. Typically, access panels 60a are located just unit 60, facial parameters are sensed in step A. Instep B, the 
outside the doorframe and controllers 60b are located inside 35 data of the sensed parameters are compared with templates 
an entrance to the building or other area to prevent tamper- stored in memory device 64 of remote access unit 60. 
ing therewith. However, controllers 60b are preferably In step C, local access unit 60 determines if the approach- 
located close enough to respective access panels 60a to ing person has been identified through steps A and B and, if 
allow local communications through a serial port, parallel so, operates access control device 78 to grant access to the 
port, Universal Serial Bus (USB) port or the like. 40 person in step D. Step D can require that the person press a 

FIG. 2 illustrates the primary enrollment procedure of the button and/or turn a door handle to unlock the door. Also, an 

preferred embodiment in which persons are authorized for indication of granted access, such as a green light or a 

access. A person to be allowed access to the area controlled message on display 70 can be enunciated. If the determina- 

by system 20 is brought to an enrollment location proximate tion in step C is that the person was not identified, the 

server 40. Biometric parameters are sensed by biometric 45 procedure branches to step E. For example, if it is the first 

parameter sensing device 56 of server 40 in step A. This is time the person has approached the particular entrance and 

accomplished by placing the finger of the person on a thus corresponding facial data is not stored in local access 

sensing surface of biometric parameter sensing device 56 unit 60, if the environment (such as lighting) has changed 

and selecting appropriate menu choices displayed on display since the time of the last collected facial data of the person, 

50 in accordance with the control program stored in memory 50 or if the person is not an authorized (i.e. enrolled) person, the 

device 44 and being executed by CPU 42. Data correspond- facial parameter data of the person will not correspond to 

ing to the sensed parameters is thus collected and recorded facial parameter data stored as templates in memory device 

in memory device 44. Using input device 48, corresponding 64. In step E, the access granted indicator is not enunciated 

data, such as the authorized persons name, title, access and the person is prompted, through a message on display 

privileges, and the like is entered in step B and stored in 55 70, to touch biometric parameter sensing device 76 with 

memory device 44 in correspondence to the data stored in their finger to obtain a fingerprint scan. 

stc P A- In step F, the data corresponding to fingerprint parameters 

In step C, it is determined if all enrollment is finished, Le. obtained in step E are compared with fingerprint parameters 

if the operator of server 40 does not wish to enroll other in templates stored in memory device 64 (see step D of the 

persons at this time. If so, the procedure continues to step D, 60 primary enrollment procedure described above with refer- 

if not, the procedure returns to step A for collection of ence to FIG. 2). If the person is authorized for access, i.e. has 

biometric parameter data for another person. In step D, been enrolled, their fingerprint parameter data will corre- 

enrollment data, including biometric data and corresponding spond to a stored template in comparison step F. If the 

data entered in steps A and B respectively, is downloaded to fingerprint parameters do not correspond to template, the 

each local access unit 60. The enrollment data can be stored 65 person is not identified in step G, is not authorized, and thus 

in memory device 64 of each local access unit as templates is not granted access. Additionally, in step H, an alarm can 

in any format, such as known database formats. Accordingly, be sounded, proper personnel can be notified, or the 
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attempted entrance can be recorded for later review in the 
manner described in detail below. If the person is identified 
in step G, the procedure continues to Step I. 

In step I, the person who has been identified through 
fingerprint parameter data as being enrolled and thus 5 
authorized, but not identified through facial parameter data, 
is prompted by a message on display 70, to look towards 
local access unit 60 while biometric parameter sensing 
device 77 senses facial parameters of the person. The facial 
parameters are converted to data and stored as a template in 10 
memory device 64 in step J in correspondence with the 
existing biometric data and corresponding data downloaded 
and stored during step D of the primary enrollment process 
described above. Access is granted to the authorized person 
in step K. The procedure is then reset and returns to step A 15 
to await the next person. 

The template including facial parameter data stored in 
step J is used (along with other stored templates having 
facial parameter data) in comparison step B the next time the 
person approaches local access unit 60. Therefore, it is more 2 o 
likely that the person will be recognized in steps A-D above 
upon the person's next attempted entry and thus the relative 
inconvenience of steps E-J will not be required. However, 
steps E-J, i.e. the secondary enrollment procedure, can be 
accomplished anytime a person is not identified by virtue of 25 
facial parameters in step C. Eventually, enough facial 
parameter data is stored in memory device 64 to allow 
access of the authorized person in a variety of environmental 
conditions at the particular entrance. A similar procedure can 
be accomplished at other local access units 60, i.e. each 30 
entrance that the person uses. Of course, if the person alters 
their face by growing or shaving facial hair, gaining or 
losing a large amount of weight, having cosmetic surgery, or 
the like, the secondary enrollment of steps E-J will be 
accomplished again upon the person's next entry. Keep in 35 
mind that the user is always recognized through at least the 
first enrollment parameters, i.e fingerprint parameters, or the 
second enrollment parameters, i.e facial parameters, prior to 
being granted access. 

FIG. 4 illustrates a procedure for handling anomalies, 40 
such as unauthorized persons attempting to gain access, or 
unauthorized persons gaining access on the coattails of 
authorized persons. For example, each time access is granted 
in steps D or K of FIG. 3, local access unit 60 can count the 
number of persons passing through the entrance. If more 45 
than one person enters a "tailgating" anomaly is detected. 
Counting can be accomplished with biometric parameter 
collection device 77 or with any appropriate sensor, such as 
a photo sensor, proximity sensor, or the like. Further, an 
anomaly can be any situation other than the normal granting 50 
of access to an authorized person within their access param- 
eters. An anomaly can result from the satisfaction of any 
predetermined criterion. For example, it may be desirable to 
know if a particular authorized person or persons, gains 
access more than a preset number of times. Also, it may be 55 
desirable to know if a previously authorized person whose 
access privileges have been revoked is near an entrance. 
Local access unit 60 is programmed to detect any anomalies 
under conditions set forth by a system administrator or other 
supervisory person and programmed into the control pro- eo 
gram. 

In step A it is determined if an anomaly is present based 
on the programmed conditions. If an anomaly is present, 
local access terminal 60 notifies server 40 over communi- 
cation channel 80 in step B. Server 40 can be programmed 65 
to notify appropriate personnel by one or more of sounding 
an alarm, sending a message (by email, fax, telephone for 
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example), or the like in step C. As noted above, biometric 
parameter sensing device 77 collects image data of each 
approaching person or persons. Ordinarily, the image data is 
discarded, i.e erased from memory shortly after being 
recorded in step F. However, in the event of an anomaly, the 
previous several seconds of image data is saved and sent to 
server 40 over communication channel 80 for display in 
substantially real time or for later review in step D. 
Accordingly, images, i.e. video, of each anomaly creating 
approach can be viewed in step E to determine the appro- 
priate action. For example, security personnel can commu- 
nicate with the unauthorized person or persons causing the 
anomaly through the microphones 52 and 72 and speakers 
54 and 74 to ascertain the person's status or to warn the 
person of their violation of security policy. 

If an anomaly is not detected in step A, the image data 
recorded over the previous time period is erased in step F 
and processing returns to step A. Accordingly, a "loop" of 
video image data is recorded over and over and only saved 
or played back when an anomaly is detected. Therefore, 
there is no need to have personnel constantly view surveil- 
lance video. The personnel is notified when there has been 
an anomaly and shown only the relevant video images. The 
notified person or persons can be anyone coupled to the 
network of FIG. 1 or otherwise in communication with 
server 40 through any type of communication channel. Hie 
anomaly detection procedure can run constantly in parallel 
with other processing. Also, instead of automatically enun- 
ciating an alarm or the like, the anomaly handling procedure 
can prompt the person to press a "doorbell" button to notify 
and communicate with security personnel or other appro- 
priate personnel, such as a receptionist. The button can be 
integrated with the fingerprint scanner of biometric param- 
eter sensing device 76 to thereby obtain a fingerprint scan of 
the person attempting entry. Tlie personnel can then nor- 
mally grant or deny access. All access information, such as 
time, date and identity of persons granted or denied access 
(including approach video) can be logged and processed by 
local access units 60 and server 40 for statistical purposes, 
asset allocation, or for any other reason. 

It can be seen that the preferred embodiment provides the 
convenience of reliable biometric access control regardless 
of environmental variables without sacrificing accuracy. 
Also, the preferred embodiment processes the biometric 
parameters at the entrance and thus biometric identification 
can be accomplished very quickly. Hie preferred embodi- 
ment uses fingerprint parameters for a primary enrollment 
and facial parameters for a secondary enrollment- However, 
any biometric or other parameters can be used for each 
enrollment. The primary enrollment can be accomplished by 
using a PIN number as identifying data in combination with 
or in place of biometric parameters. Also, the secondary 
enrollment can be omitted and identification at the local 
access unit can be accomplished by the primary enrollment 
only. For example, enrollment and identification can be 
accomplished by virtue of sensing of a single biometric 
parameter with the server downloading templates to the 
local access units. Access can be granted by sensing the 
same parameters at the local access units and comparing to 
the downloaded templates stored in the local access units. 

There can be any number of local access units. Any 
hardware and/or software can be used in the invention for 
accomplishing the functions disclosed above. The various 
data communication and storage can be accomplished using 
any appropriate formats, protocols, and media. The various 
disclosed features of the invention can be combined in any 
manner. The control programs can be programmed in any 
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language by one of skill in the art based on the functions 
disclosed herein. Any biometric technologies can be used for 
identification in the invention and any type of sensors or 
scanners can be used to collect the appropriate data or 
parameters. The invention can be applied to identification 5 
and/or verification systems. The access device can be any 
device for selectively providing access. The invention can be 
used to control entry into an area or exit from the area. 
Accordingly, the term "entrance", as used herein, refers to a 
door, gate, passage, or the like through which persons can 10 
enter or leave an area. 

The invention has been described through a preferred 
embodiment. However various modifications can be made 
without departing from the scope of the invention as defined 
by the appended claims. 15 

What is claimed: 

1. An apparatus for controlling access into an area to, 
comprising: 

a server including server memory and a server data 
collection device configured to collect identification 20 
data assigned to an authorized person; 

a local access unit located at an entrance to the area and 
including local memory, a local processor, a local 
biometric parameter sensing device, a local data col- 
lection device and an access control device; and 

a communication channel for downloading the identifi- 
cation data from the server to the local access unit; 

wherein said local processor is operative to compare 
biometric parameter data of a person proximate the 
entrance collected by said local biometric parameter 
sensing device with biometric parameter data stored in 
said local memory and to grant access to the area by 
operating said access control device if the biometric 
parameter data collected by said local biometric param- 
eter sensing device and biometric parameter data stored 
in said local memory correspond to one another, and 
wherein said local processor is operative to prompt the 
person to enter the identification data through said local 
data collection device and grant access to the area by 
operating said access control device only when the 
identification data of an authorized person is entered if 
the biometric parameter data collected by said local 
biometric parameter sensing device and the biometric 
parameter data stored in said local memory do not 
correspond, and wherein said local processor is also 
operative to store the biometric parameter data col- 
lected by said local biometric parameter sensing device 
in correspondence with the identification data in said 
local memory when the biometric parameter data col- 
lected by said local biometric parameter sensing device 
and the biometric parameter data stored in said local 
memory do not correspond and the identification data 
of an authorized person is entered through said local 
data collection device. 55 

2. An apparatus as recited in claim 1, wherein said server 
data collection device is a server biometric parameter sens- 
ing device, said local data collection device is an auxiliary 
local biometric parameter sensing device, and the identifi- 
cation data is biometric parameter data. eo 

3. An apparatus as recited in claim 2, wherein said server 
biometric parameter sensing device is of the same type as 
said auxiliary biometric parameter sensing device. 

4. An apparatus as recited in claim 3, wherein said server 
biometric parameter sensing device is a fingerprint param- 65 
eter sensing device, said auxiliary biometric parameter sens- 
ing device is fingerprint parameter sensing device, and said 
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local biometric parameter sensing device is a facial param- 
eter sensing device. 

5. An apparatus as recited in claim 4, wherein there are 
plural local access units located at respective entrances and 
wherein said communication channel downloads the iden- 
tification data to each of said local access units. 

6. An apparatus as recited in claim 1, wherein said local 
biometric parameter sensing device comprises a video cam- 
era and wherein said local processor is operative to store 
image data collected by said video camera and upload said 
video data over said communication channel to said server 
when an anomaly is detected. 

7. An apparatus for controlling access into an area com- 
prising: 

a server including server memory and a server data 
collection device configured to collect identification 
data assigned to an authorized person; 

plural access units associated with respective entrances, 
each local access unit including a local memory, a local 
processor, a local data collection device and an access 
control device; and 

a communication channel for downloading the identifi- 
cation data from the server to each of the plural local 
access units; 

wherein said local processor is operative to compare data 
collected by the one of said local access units with 
identification data downloaded over said communica- 
tion channel and operate the entrance control device 
only when the identification data of an authorized 
person is entered; and 

wherein, when the identification data downloaded over 
said communication channel and the biometric param- 
eter data collected by the one of said local access units 
and stored in said local memory do not correspond, and 
the identification data of an authorized person is 
entered through said local data collection device, the 
local processor is also operative to store the biometric 
parameter data collected by one of said local access and 
the identification data of an authorized person is 
entered through said local data collection device. 

8. An apparatus as recited in claim 7, wherein said server 
data collection device comprises a server biometric param- 
eter sensing device and the identification data is biometric 
parameter data. 

9. An apparatus as recited in claim 8, wherein said local 
data collection device comprises an auxiliary biometric 
parameter sensing device of the same type as said server 
biometric parameter sensing device. 

10. An apparatus as recited in claim 9, wherein said local 
access units each comprises a local biometric parameter 
sensing device of a different type than said auxiliary bio- 
metric parameter sensing device. 

11. An apparatus as recited in claim 9, wherein said local 
processor is operative to compare biometric parameter data 
of a person proximate the entrance collected by said local 
biometric parameter sensing device with biometric param- 
eter data stored in said local memory and to grant access by 
operating said access control device if the biometric param- 
eter data collected by said local biometric parameter sensing 
device and biometric parameter data stored in said local 
memory correspond to one another, and wherein said local 
processor is operative to prompt the person to enter biomet- 
ric parameters through said auxiliary biometric parameter 
sensing device and grant access by operating said access 
control device only when the biometric parameter data of an 
authorized person is entered through said auxiliary biometric 
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parameter sensing device if the bio me trie parameter data 
collected by said local biometric parameter sensing device 
and the biometric parameter data stored in said local 
memory do not correspond, and wherein said local processor 
is also operative to store the biometric parameter data 
collected by said local biometric parameter sensing device in 
correspondence with the biometric parameter data in said 
local memory when the biometric parameter data collected 
by said local biometric parameter sensing device and the 
biometric parameter data stored in said local memory do not 
correspond and the biometric parameter data entered 
through said auxiliary biometric parameter sensing device 
corresponds to an authorized person. 

12. An apparatus as recited in claim 11, wherein said 
server biometric parameter sensing device is a fingerprint 
parameter sensing device, said auxiliary biometric param- 
eter sensing device is fingerprint parameter sensing device, 
and said local biometric parameter sensing device is a facial 
parameter sensing device. 

13. A method of controlling access into an area compris- 
ing the steps of: 

collecting identification data assigned to an authorized 
person with a server; 

downloading the identification data from the server to a 
local access unit located at an entrance and having an 
access control device; 

comparing biometric parameter data of a person collected 
proximate the entrance by said local access unit with 
biometric parameter data stored in the local access unit 
and granting access by operating the access control 
device if the biometric parameter data collected proxi- 
mate the entrance and biometric parameter data stored 
in the local access unit correspond to one another; 

prompting the person to enter the identification data into 
the local access unit and granting access by operating 
the access control device only when the identification 
data of an authorized person is entered if the biometric 
parameter data collected proximate the entrance and the 
biometric parameter data stored in said local access unit 
do not correspond; and 

storing the biometric parameter data collected proximate 
the entrance in correspondence with the entered iden- 
tification data in the local access unit when the bio- 
metric parameter data collected proximate the entrance 
and the biometric parameter data stored in the local 
access unit do not correspond and the identification 
data of an authorized person is entered through the 
local access unit. 

14. A method as recited in claim 13, wherein the identi- 
fication data is biometric parameter data. 

15. A method as recited in claim 14, wherein the biometric 
parameter data collected proximate the entrance is of a 
different type than the biometric parameter data collected as 
the identification data. 

16. A method as recited in claim 15, wherein the biometric 
parameter data collected proximate the entrance is facial 
parameter data and the biometric parameter data collected as 
the identification data is fingerprint parameter data. 

17. A method as recited in claim 15, wherein said down- 
loading step comprises downloading the identification data 
to plural local access units located proximate respective 
entrances. 

18. A method of controlling access into an area compris- 
ing: 

collecting identification data assigned to an authorized 
person with a server; 
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downloading the identification data from the server to 
each of plural access units associated with respective 
entrances to the area, each local access unit including 
an entrance control device; 
5 collecting data with one of the local access units; 

comparing the data collected by one of the local access 
units with the identification data downloaded during 
said downloading step; 

operating the entrance control device collected based on 
10 results of said comparing step; 

prompting a person seeking access to enter identification 
data if the identification data downloaded during said 
downloading step and the data collected with one of the 
local access units do not correspond; 

storing the identification data collected by one of said 
local access units when the identification data down- 
loaded over said communication channel and biometric 
data collected by said local access units and stored in 
2Q the local memory do not correspond and the identifi- 
cation data of an authorized person is entered through 
said local data collection device. 

19. A method as recited in claim 18, wherein the identi- 
fication data is biometric parameter data and the data col- 
lected by the local access units is biometric parameter data. 

20. A method as recited in claim 19, wherein the biometric 
parameter data collected by the one of the local access units 
is of a different type than the biometric parameter data 
collected as the identification data. 

3Q 21. A method as recited in claim 20, wherein the biometric 
parameter data collected by the one of the local access units 
is facial parameter data and the biometric parameter data 
collected as the identification data is fingerprint data. 

22. A method of controlling access into an area compris- 
35 ing the steps of: 

a primary enrollment step in which identification data is 
collected, assigned to an authorized person, and stored; 

an identification step wherein a biometric parameter is 
sensed, converted to biometric parameter data, and 
4Q wherein said biometric parameter data is then com- 
pared to said stored identification data; 

an primary access granting step wherein, when the bio- 
metric parameter data corresponds to the stored iden- 
tification data, access is granted to said authorized 
45 person, or wherein when the biometric parameter data 
does not correspond to the stored identification data, 
access is denied and at least one additional biometric 
parameter is sensed and compared to the stored iden- 
tification data 

50 a secondary enrollment step wherein when said additional 
biometric parameter data corresponds to the stored 
identification data, said additional biometric parameter 
data is stored and correlated with said identification 
data; 

55 a secondary access granting step, wherein when said 
additional biometric parameter data corresponds to the 
stored identification data, access is granted to said 
authorized person. 

23. A method as recited in claim 22, wherein said primary 
60 enrollment step is conducted with a centralized server and 

said secondary enrollment step is conducted with a local 
access unit, e 

24. A method as recited in claim 23 wherein the identi- 
fication data is biometric data and said primary enrollment 

65 step further comprises sensing a biometric parameter and 
converting the biometric parameter to biometric parameter 
data. 
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25. A method as recited in claim 24, wherein the biometric 
parameter sensed in said secondary enrollment step varies 
due to environmental conditions surrounding said local 
access units that were not present during said primary 
enrollment step. 5 

26. A method as recited in claim 25, wherein the biometric 
parameter sensed in said primary enrollment step is a 
fingerprint parameter and the biometric parameter sensed in 
said secondary enrollment step is a facial parameter. 

27. A method of controlling access into an area compris- 10 
ing the steps of: 

collecting identification data assigned to an authorized 

person with a server; 
downloading the identification data from the server to a 

local access unit located at an entrance and having an 15 

access control device; 
collecting entrance biometric parameter data of a person 

at the time of an attempted entry into the area with said 

local access and ^ 
comparing the entrance biometric parameter data with 

biometric parameter data stored in the local access unit 
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and granting access by operating the access control 
device if the entrance biometric parameter data and 
biometric parameter data stored in the local access unit 
correspond to one another; 
prompting the person to enter the identification data into 
the local access unit and granting access by operating 
the access control device only when the identification 
data of an authorized person is entered if the entrance 
biometric parameter data and the biometric parameter 
data stored in said local access unit do not correspond; 
and 

storing the entrance biometric parameter data in corre- 
spondence with the entered identification data in the 
local access unit when the entrance biometric param- 
eter data and the biometric parameter data stored in the 
local access unit do not correspond and the identifica- 
tion data of an authorized person is entered through the 
local access unit. 

***** 
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